Mitigation Instructions for CVE-2024-28987

Written by CyRisk Vulnerability Management Team | Oct 8, 2024 8:04:58 PM

Subject: Mitigating CVE-2024-28987: Hardcoded Credentials Vulnerability in SolarWinds Web Help Desk

Tech Stack: SolarWinds Web Help Desk (WHD)

Date(s) Issued:

  • Published: 08/21/2024
  • Last Modified: 09/26/2024

Criticality:

  • CVSS v3 Score: 9.1 - CRITICAL
  • CVSS v2 Score: 9.4 - HIGH
  • Nessus Plugin ID: 206273

Overview

Vulnerability:
The SolarWinds Web Help Desk (WHD) version installed on the remote host is affected by a hardcoded credential vulnerability. Versions prior to 12.8.3 Hotfix 2 contain hardcoded credentials that allow remote, unauthenticated attackers to access internal functionality, potentially enabling them to execute arbitrary commands on the host machine.

Affected Versions:

  • SolarWinds Web Help Desk versions prior to 12.8.3 HF2.

Exploitation:
Remote attackers can exploit this vulnerability without authentication by leveraging the hardcoded credentials to gain access to internal functionality and execute commands or modify system data.

Impact:
If successfully exploited, this vulnerability allows an attacker to compromise the confidentiality and integrity of the host, including unauthorized access to sensitive data and the ability to run commands. Availability may not be impacted directly, but the severity of the compromise is critical due to the exposure of internal systems.

Solution/Mitigation

1. Upgrade

To address the vulnerability, it is critical to upgrade to SolarWinds Web Help Desk version 12.8.3 Hotfix 2 or later.

2. Alternative Measures

If upgrading is not immediately possible, consider the following temporary steps:

  • Restrict Access: Limit external access to the Web Help Desk interface by applying strict IP filtering or firewall rules.
  • Disable Default Accounts: Ensure any default or hardcoded accounts are disabled and replaced with more secure, unique credentials if possible.
  • Monitor and Audit: Implement active monitoring to detect any unauthorized access attempts.
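
An added example (not part of the original advisory and not SolarWinds tooling) showing one way to check the Restrict Access and Monitor and Audit steps together: it reads access-log lines and reports clients outside the allowlist, separating rejected requests from ones that were answered. The allowlisted networks, the Common Log Format input (as a reverse proxy in front of WHD might write it), the request paths and the user names are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: the only networks that should reach the WHD interface.
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "192.168.50.0/24")]
# Common Log Format: client, ident, user, [time], "request", status, size.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] "[A-Z]+ \S+ [^"]*" (?P<status>\d{3}) \S+')

# Constructed sample input; addresses, paths and user names are placeholders.
SAMPLE_LOG = """\
10.20.0.15 - - [08/Oct/2024:10:01:12 +0000] "GET /helpdesk/ HTTP/1.1" 200 5123
203.0.113.44 - - [08/Oct/2024:10:02:40 +0000] "GET /helpdesk/ HTTP/1.1" 403 199
198.51.100.7 - svc-example [08/Oct/2024:10:05:03 +0000] "GET /helpdesk/example HTTP/1.1" 200 8821
198.51.100.7 - svc-example [08/Oct/2024:10:05:09 +0000] "POST /helpdesk/example HTTP/1.1" 200 412
192.168.50.9 - jdoe [08/Oct/2024:10:07:30 +0000] "GET /helpdesk/ HTTP/1.1" 200 5123
198.51.100.7 - - [08/Oct/2024:10:0
"""

def is_allowed(ip_text):
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # hostnames or garbage never count as allowlisted
    return any(ip in net for net in ALLOWED_NETS)

def audit(log_text):
    findings = defaultdict(lambda: {"requests": 0, "served": 0, "users": set()})
    unparsed = 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            unparsed += 1  # truncated or foreign-format lines are counted, not dropped
            continue
        if is_allowed(m["ip"]):
            continue
        entry = findings[m["ip"]]
        entry["requests"] += 1
        if int(m["status"]) < 400:
            entry["served"] += 1  # answered rather than rejected: the filter did not apply
        if m["user"] != "-":
            entry["users"].add(m["user"])  # an authenticated session from outside the allowlist
    return dict(findings), unparsed

if __name__ == "__main__":
    results, skipped = audit(SAMPLE_LOG)
    for ip, s in results.items():
        print(ip, s, "FILTER GAP" if s["served"] else "blocked")
    print("unparsed lines:", skipped)
```

Any client reported with a non-zero `served` count reached the interface despite the intended IP filter and should be investigated alongside the user names recorded for it.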

3. Additional Security Measures

While awaiting the full upgrade or as part of a layered defense strategy, implement the following security controls:

  • Network Segmentation: Isolate the affected Web Help Desk system from critical infrastructure to minimize exposure if compromised.
  • Principle of Least Privilege: Review and limit the access permissions associated with Web Help Desk users and services.
  • Enable Logging: Enable detailed logging for all administrative actions and system commands executed through the Web Help Desk to detect any suspicious activity.

Confirmation & Additional Information

  • Verification: After upgrading or applying mitigation measures, confirm that the hardcoded credentials are no longer present by reviewing application logs for any unauthorized access attempts and by testing for the vulnerability using security testing tools or penetration tests.

  • Stay Updated: Regularly monitor for any new security patches or advisories from SolarWinds, especially for Web Help Desk.

  • Official Resources: